Conditional Access on the Device

For devices that meet the requirements of a compliance policy, accessing resources is seamless. Once a device registers, the user receives access to all authorized resources and applications.

Devices configured for Microsoft Share Mode Registration automatically register to Azure Active Directory. To register a non-Android Enterprise device as Microsoft Share Mode Registration, you must first unregister and unenroll it, then re-enroll the device as work managed and register it as Microsoft Share Mode Registration.

The following example shows a device completing a Microsoft User Mode Registration and receiving a device ID.
The following example shows a device completing a Microsoft Share Mode Registration and receiving a device ID.

When opening a Microsoft 365 application such as Microsoft Teams on an unregistered device, the user must select Authenticate to register it as Microsoft User Mode.

The following example shows access to Microsoft Teams denied on a registered user device because the device does not meet the requirements of the compliance policy. This applies to both Microsoft User Mode Registration and Microsoft Share Mode Registration.

For troubleshooting tips, see the following:

1. Error On First-time Registration with Azure

2. Non-compliant devices can access Office 365 apps

3. Removal of Office 365 Access Not Immediate